NOTE: This kernel update marks the final planned kernel security
update for the 2.6.24 kernel in the Debian release 'etch'. Although
security support for 'etch' officially ended on Feburary 15th, 2010,
this update was already in preparation before that date.

Several vulnerabilities have been discovered in the Linux kernel that
may lead to a denial of service, sensitive memory leak or privilege
escalation. The Common Vulnerabilities and Exposures project
identifies the following problems:

Steve Beattie and Kees Cook reported an information leak in the
maps and smaps files available under /proc. Local users may be
able to read this data for setuid processes while the ELF binary
is being loaded.

Dave Jones reported an issue in the gdth SCSI driver. A missing
check for negative offsets in an ioctl call could be exploited by
local users to create a denial of service or potentially gain
elevated privileges.

Roel Kluin discovered an issue in the hfc_usb driver, an ISDN
driver for Colognechip HFC-S USB chip. A potential read overflow
exists which may allow remote users to cause a denial of service
condition (oops).

Anana V. Avati discovered an issue in the fuse subsystem. If the
system is sufficiently low on memory, a local user can cause the
kernel to dereference an invalid pointer resulting in a denial of
service (oops) and potentially an escalation of privileges.

Ted Ts'o discovered an issue in the ext4 filesystem that allows
local users to cause a denial of service (NULL pointer
dereference). For this to be exploitable, the local user must
have sufficient privileges to mount a filesystem.

Ramon de Carvalho Valle discovered an issue in the sys_move_pages
interface, limited to amd64, ia64 and powerpc64 flavors in Debian.
Local users can exploit this issue to cause a denial of service
(system crash) or gain access to sensitive kernel memory.